3

I'm working on a little posting system so I can post posts on my site and people can like and dislike it.

It looks like this:

the voting system

At the moment you can upvote and downvote as many times as you would like. I know how to make the images not clickable with JavaScript but I also need a way to do this in PHP because someone could just make the buttons clickable again with fireBug or the Chrome Console.

This is probable the first thing i'm actually making in PHP so i'm still a beginner. Thanks for any suggestions.

Shawn31313
  • 5,978
  • 4
  • 38
  • 80
  • 3
    Define what is "person"? How do you differ one "person" from another? – zerkms Jul 30 '12 at 21:15
  • Aside from storing the vote count, you need to also store "who" placed the vote. Then when the button is clicked, you can verify that they have or have not voted already. – Matt Jul 30 '12 at 21:17
  • so you think it's working with JS? what happens if the user reloads the page? – Karoly Horvath Jul 30 '12 at 21:17
  • If you're allowing non-users to vote as well, I'm afraid you're in for quite the bit of pain. There just isn't a good method for handling that sort of intricacy. Of course, if you had well-defined users with entries in databases... – Palladium Jul 30 '12 at 21:17

3 Answers3

9

I am not going to just write code for you, and there are probably dozens of workable examples on script sites. Here are a few tips to get you pointed in the right direction:

Session variables - $_SESSION[] - Check if it is set, and then set them after a vote. As long as they don't close the browser, they won't be able to vote again.

Cookies - $_COOKIE[] - Same as session, but can remain even if they close and open their browser again.

IP Address - $_SERVER['REMOTE_ADDR'] - Keep a record in a MySQL table of IPs and votes.

Login system - Only allow authenticated users to vote, and then keep track of the votes in the database.

Any combination of the above is acceptable. Hope that gets you pointed in the right direction.

Tim Withers
  • 12,072
  • 5
  • 43
  • 67
  • Thanks Tim, this also answers a question I was going to ask about limited 1 like/dislike vote per posted image on my website. But for cookie, can someone log a second like/dislike vote if they clear their browser cookies? How do I permanently store their vote... should I store their IPs in a database? – user3871 Nov 20 '12 at 20:12
  • 1
    @Growler I would definitely store data in the MySQL database, that way they cannot vote more than once even if they clear their data. Using a mobile device or proxy, however, would negate this, but would limit them to maybe a half dozen votes if they really want to spend the time and energy to use proxies. – Tim Withers Nov 20 '12 at 20:33
6

Since you're going to learn this, I'm not going to post any complete code. I can give an overview, though.

The best way to do this is to store votes in a database table (probably MySQL):

| vote_id | user_id | post_id | vote |

Where:

  • vote_id is an auto-increment column that creates a unique ID for each vote
  • user_id is an identifier of who the user is that submitted this vote
  • post_id is an identifier for the post the user is voting on
  • vote determines whether this vote was up or down.

Now, you can form queries to determine whether or not somebody has already voted on the post, and act accordingly.

nickb
  • 59,313
  • 13
  • 108
  • 143
  • Absolutely correct, but I don't know if this is a good thing to "cut your teeth" on with PHP. – Sablefoste Jul 30 '12 at 21:20
  • Thank you, but I got the vote system i just need the identifier of the user which that helped me. But anyone can vote, so I dont have members. What do I do for the user_id part? – Shawn31313 Jul 30 '12 at 21:21
  • Just a thought: if any user is only allowed to vote on a post once, then can't you just cut out the `vote_id` and use `user_id` and `post_id` as primary foreign keys instead? – Palladium Jul 30 '12 at 21:21
  • @Shawn - You need some way of identifying users. If you don't have that, then there's absolutely no way of determining if a person voted on a post in the past. How you implement that is up to - You can have people login, you can base it on IP address, or IP address and User-Agent, or whatever else you want. – nickb Jul 30 '12 at 21:24
  • @Palladium - You could, that part of the implementation is ultimately personal preference. I've always preferred having unique IDs on a table, and then making `user_id, post_id` a UNIQUE index. But that sort of detail seemed too in-depth for an overview. – nickb Jul 30 '12 at 21:25
  • No i mean I got the whole system already up. All is to stop people from voting twice. I know I need a wat of identifying I didn't say you dont. I want to check by IP, but not really sure how to check if an ip is already in the database – Shawn31313 Jul 30 '12 at 21:26
  • You'd store the user's IP address in the database, and then query the database to see if the current user's IP address is in the votes table for a specific post. To get the IP address, see [this SO question](http://stackoverflow.com/questions/1634782/what-is-the-most-accurate-way-to-retrieve-a-users-correct-ip-address-in-php). – nickb Jul 30 '12 at 21:28
  • You issue a query, and see if any results come back: `SELECT * FROM votes WHERE post_id = 6 AND user_ip = '192.168.1.1'` If that comes back with one row, then the user voted. If not, the user didn't vote. – nickb Jul 30 '12 at 22:24
  • Man u r pro thanks for such a suggestion. I am learning creating database for social networking site can u tell me where i can find these kind of stuff to learn website data modelling. Thank u. – Arjun Chaudhary Apr 18 '15 at 00:42
0

You need to validate it on the server-side i.e. in PHP code. You can do that either by IP address (if non-logged in user / guest) or by username (for logged in user)

There is no way you can stop users by client-side validation.

Kalpesh
  • 5,635
  • 2
  • 23
  • 39
  • Yes I know, thats what I was saying, I want to use PHP, and js will just be a little bit for Show. But the main part will be PHP. How do I store the IP's? – Shawn31313 Jul 30 '12 at 21:21
  • WHen user clicks on the link, you can know the user's IP address by `$_SERVER['REMOTE_ADDR']`, which you need to store in the database as a separate field. So the next time the same user tries to vote again, you check check that IP against your db table. – Kalpesh Jul 30 '12 at 21:24